The shape of your hybrid IT environment should not be an accident
- As the hybrid IT model becomes the new norm, Pat Phelan of Rimini Street outlines why CIOs need to assess how suppliers, customers and partners use the cloud and devise their own approach to integration and security.
A hybrid IT environment results from selectively moving some information technology to the cloud while retaining other technology in a non-cloud environment (see Leveraging Hybrid IT Now to Power Digital Transformation). This is a fact of life for most established organizations today as they ponder the next move in the evolution of their IT infrastructure. External pressure for business agility and digital transformation often sets the agenda, but CIOs must retain a firm grip on the overall shape of the resulting environment.
Customer-facing systems and other systems of engagement can create competitive advantage by being deployed as SaaS. But moving core, tightly integrated systems such as ERP to the cloud as a SaaS suite usually does little to improve the business. Many CIOs choose to leave these systems internally deployed, while others move just the infrastructure to the cloud and then operate their licensed applications on the IaaS. Whatever the strategy, the timeline required to execute a cloud strategy can be long, resulting in a mixed hybrid IT portfolio for years.
Three key factors shape the success of a hybrid IT model – how the environment collaborates with other IT systems, its tolerance of integration risk, and its security profile.
1) Collaboration with other IT ecosystems
The composition of the hybrid IT model must accommodate the ecosystems with which a company interacts. Choosing deployment options that are similar to those of the enterprise’s vendors, partners, and customers can increase business value through simplification, while options that are difficult to integrate or that make cross-supply-chain processes more complex can potentially disrupt or degrade business outcomes. For example, if everyone else is moving a system to the cloud, consider moving your own. If no one else is doing it, now is probably not the right time to make a cloud move for that system.
The extent to which the IT organization develops custom systems, purchases packaged solutions, or uses a cloud provider’s tools influences the percentage of SaaS and custom solutions that make up the hybrid model. For example, an organization that is standardizing on a specific vendor’s SaaS components, such as Microsoft’s, will likely use that vendor’s cloud platform for system development (MS Azure in this example), benefitting from commonality across its product line. Another enterprise might focus more on application development and therefore will shape its hybrid IT model around a cloud provider (AWS, for instance) that can support its development strategy and tool set.
Cloud complexity can increase quickly and make support and portfolio evolution difficult. Poor cloud decisions may damage a business’s ability to innovate and grow. Enterprises require rigorous, repeatable, consistent strategies for making decisions about what is or isn’t moved to the cloud in order to ensure a compatible, supportable technology portfolio. Having a clear strategy that covers not only SaaS, but platforms and tools as well, will likely result in an application portfolio that supports the business and is easier to maintain and evolve.
2) Integration risk tolerance
The integration risk that an enterprise is willing to tolerate affects how much data and process can be delivered via the cloud and how many cloud vendors can be absorbed into the hybrid IT portfolio. Risk is introduced each time data or processes cross systems, products, or services. A hybrid IT portfolio may contain numerous cloud vendors, depending on the enterprise’s tolerance for integration risk. Those with less appetite for varying levels of potential error in data synchronization and data integrity should consider maintaining fewer vendors in the hybrid IT portfolio. They may choose to keep critical data and processes in house rather than with a cloud vendor.
From an external perspective, the more partners in the mix, the more integration risk exists. The risks range from mismatched data creating data synchronization errors to mismatched SLAs that make integration timing a risk for business disruption, or mismatched change windows creating risk during change events. Internally, enterprises need to agree on what is an acceptable level of integration risk when making decisions about placing data and processes in the cloud, as well as when spreading them across multiple cloud services.
Thoughtful, consistent principles applied across the hybrid IT portfolio will help provide seamless integration that enables timely, secure data flow where it benefits the business and ensures that process integrity is maintained at all levels of risk the company can tolerate.
3) Hybrid IT environment security
How far the enterprise trusts that the hybrid IT environment is safe and secure will influence what can be deployed in the cloud, especially when the cloud vendor’s security is opaque. In SaaS environments, a policy of not disclosing security controls is standard operating procedure. Most cloud vendors will certify that they are compliant and adhering to regulations and guidelines, such as PCI, in lieu of providing visibility into their controls. The level of trust that an enterprise has in its vendors’ environments being safe and secure will influence what can be entrusted to the cloud and will ultimately shape its hybrid IT environment.
Internally, the enterprise must be willing and able to take extra security steps to secure a hybrid IT environment. Using data as an example, permission management in the cloud may not align with how the enterprise needs to use or secure its data. Clear and concise controls are needed at data choke points to ensure that data is secured properly, particularly when security varies across vendors.
A strong internal security team that understands the cloud and non-cloud environments is paramount in delivering hybrid IT security services and in ensuring solid security across the hybrid environment. The strength of the enterprise’s security team will shape the hybrid IT portfolio by influencing the technology that can safely reside in the cloud.
Address these three key factors and build your hybrid IT model strategically. Let the cloud portion of the hybrid IT portfolio be shaped by whether ‘as-a-service’ truly adds any business value. Balance this with keeping integration risk low and ensuring the environment is secure. Create agility and flexibility by coordinating choices of SaaS, platforms, and tools. Finally, develop a comprehensive plan that makes provision for the possibility of vendors failing, particularly when the elements of trust, transparency, and control are considered.